<?php
	// Direct-access guard: stop immediately, with no output, unless IN_SITE has
	// already been defined by the time this file is loaded.
	if (defined('IN_SITE') === false) {
		exit('');
	}

// Default redirect target; get_user_info() reads it through `global $base_url`.
$base_url = 'index.php';

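/**
 * Gate for protected pages: confirm that the session carries a login id matching
 * an admin_users row whose user_login_time is still inside the configured window.
 *
 * Reads $site_option['cookie_login_id'] (name of the session key) and
 * $site_option['login_expiretime'] (window length, subtracted from time()).
 *
 * @return bool true when a matching, unexpired row exists. Otherwise redirect()
 *              is called; false is returned only if redirect() itself returns.
 */
function check_login(){
	global $site_option, $db;

	$cookie_logid		= $site_option['cookie_login_id'];
	$login_expiretime	= $site_option['login_expiretime'];

	// The id is read from the server-side session, not from a client cookie.
	// htmlspecialchars() is HTML output encoding, not SQL escaping; it is kept only so
	// the looked-up value stays the same. SQL quoting is handled where the query is built.
	$login_id	= isset($_SESSION[$cookie_logid]) ? htmlspecialchars($_SESSION[$cookie_logid]) : '';

	if (!empty($login_id)){
		// Force the cutoff to an integer so a malformed option value cannot alter the query.
		$login_time = time() - (int) $login_expiretime;

		// Stop-gap quoting. NOTE(review): prefer the DB layer's own escaping or bound
		// parameters if it offers them - addslashes() is not charset-aware.
		$sql = "SELECT user_id FROM admin_users WHERE user_login_id='" . addslashes($login_id) . "' AND user_login_time>=" . $login_time;
		if ( !$result = $db->sql_query($sql) ){
			message_die("Couldn't run the sql query!!!", "", __LINE__, __FILE__, $sql);
		}

		// Read the row count, then release the result on every path.
		$has_row = (bool) $db->sql_numrows($result);
		$db->sql_freeresult($result);
		if ($has_row){
			return true;
		}
	}
	redirect("index.php");
	return false;
}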

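/**
 * Load the admin_users row that belongs to the login id stored in the session.
 *
 * Unlike check_login(), this lookup does not test user_login_time, so it must not
 * be used on its own to decide whether a session is still valid.
 *
 * @return mixed Whatever $db->sql_fetchrow() yields for the first matching row
 *               (NOTE(review): presumably a non-array value when nothing matches -
 *               callers should check before indexing). When the session holds no
 *               login id, redirect($base_url) is called and 0 is returned if it returns.
 */
function get_user_info(){
	global $db, $site_option, $base_url;

	$cookie_logid	= $site_option['cookie_login_id'];
	// Read from the server-side session. htmlspecialchars() is HTML output encoding,
	// not SQL escaping; it is kept only so the looked-up value stays the same.
	$login_id		= isset($_SESSION[$cookie_logid]) ? htmlspecialchars($_SESSION[$cookie_logid]) : '';

	if (!empty($login_id)){
		// Stop-gap quoting. NOTE(review): prefer the DB layer's own escaping or bound
		// parameters if it offers them - addslashes() is not charset-aware.
		$sql = "SELECT * FROM admin_users WHERE user_login_id='" . addslashes($login_id) . "'";

		if ( !$result = $db->sql_query($sql) ) {
			message_die("Couldn't run the sql query!!!", "", __LINE__, __FILE__, $sql);
		}
		$user_info  = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);
		return $user_info;
	}

	redirect($base_url);
	return 0;
}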

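/**
 * Authorise the current user for the admin function registered under $function_url.
 *
 * @param string $function_url Value matched against admin_functions.function_url.
 * @return mixed -1 when the user's user_level equals SYSTEM_ADMIN; otherwise the
 *               auth_level of the matching admin_auth_access row, provided
 *               $access_user[auth_level] holds at least one 'yes' entry.
 *               In every other case the script is terminated with die().
 */
function check_any_auth($function_url){
	global $db, $access_user;

	$user_info = get_user_info();

	// Fail closed: get_user_info() can hand back a non-array (0, or whatever the DB
	// layer returns for "no row"). Indexing that would feed null into the loose
	// SYSTEM_ADMIN comparison and into the SQL text, so deny before using it.
	if (!is_array($user_info) || !isset($user_info['user_id'], $user_info['user_level'])){
		die("You don't have permission to access this function");
	}

	if ($user_info['user_level'] == SYSTEM_ADMIN) return -1;//Admin

	// user_id is forced to an integer; function_url is quoted as a stop-gap.
	// NOTE(review): prefer the DB layer's own escaping or bound parameters if it
	// offers them - addslashes() is not charset-aware.
	$sql = 'SELECT AAA.* FROM admin_auth_access AS AAA, admin_functions AS AF WHERE AF.function_id=AAA.function_id AND AF.function_url="'. addslashes($function_url) .'" AND AAA.user_id='. (int) $user_info['user_id'];
	if ( !$result = $db->sql_query($sql) ) {
		message_die("Couldn't run the sql query!!!", "", __LINE__, __FILE__, $sql);
	}

	$function_count = $db->sql_numrows($result);
	$function_info  = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($function_count){
		$auth_level = $function_info['auth_level'];
		if (isset($access_user[$auth_level]) && is_array($access_user[$auth_level])){
			// foreach replaces each(), which was removed in PHP 8.
			foreach ($access_user[$auth_level] as $access){
				// Strict match: on PHP 7 the loose form also accepted integer 0.
				if ($access === 'yes') return $auth_level;
			}
		}
	}
	die("You don't have permission to access this function");
}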

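/**
 * Check whether action $act is granted at $auth_level in the global $access_user map.
 *
 * @param mixed  $auth_level Level as returned by check_any_auth(); -1 means admin.
 * @param string $act        Key looked up in $access_user[$auth_level].
 * @param mixed  $pause      When truthy (the default) a denial terminates the script
 *                           with die(); when falsy the function returns false instead.
 * @return bool true when access is granted, false when denied and $pause is falsy.
 */
function check_specify_auth($auth_level, $act, $pause=1){
	global $access_user;

	// is_numeric() keeps -1 and '-1' working but rejects boolean true, which the
	// bare loose comparison would treat as equal to -1 and so as admin.
	if (is_numeric($auth_level) && $auth_level == -1){ //Admin
		return true;
	}

	// Strict match: only the literal string 'yes' grants access. On PHP 7 the loose
	// form also accepted integer 0.
	if ( isset($access_user[$auth_level][$act]) && ($access_user[$auth_level][$act] === "yes") ){
		return true;
	}

	if ($pause){
		die("You don't have permission to access this function. <a href='javascript:history.back(-1);'>Back</a>");
	}
	return false;
}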
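/**
 * Check a file name's final extension against the comma-separated allow-list held
 * in the global $upload_type.
 *
 * Only the text after the last dot is examined. This is a name check, not a content
 * check: callers should still store uploads under server-generated names, outside
 * any directory where the web server executes scripts.
 *
 * @param string $filename Name to check (typically the client-supplied upload name).
 * @return bool true when the extension is on the allow-list, false otherwise.
 */
function check_file_type($filename){
	global $upload_type;

	// A NUL byte never belongs in a file name; reject instead of guessing.
	if (strpos($filename, "\0") !== false) return false;

	//Get file type
	$start = strrpos($filename, ".");
	// No dot at all (strrpos() gives false) or a trailing dot: there is no extension.
	// Without this check a dot-less name was sliced from offset 1 and could match.
	if ($start === false || $start === strlen($filename) - 1) return false;

	$user_type = strtolower(substr($filename, $start + 1));

	// foreach replaces each(), which was removed in PHP 8. Entries are trimmed and
	// lower-cased so "jpg, PNG" in the configuration behaves as written.
	foreach (explode(',', (string) $upload_type) as $val){
		if (strtolower(trim($val)) === $user_type) return true;
	}

	return false;
}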

/**
 * Return the date that lies $intTime year(s) after $strTime, formatted as Y-m-d.
 *
 * @param string $strTime Start date in any form strtotime() can parse.
 * @param int    $intTime Number of years to add (interpolated into "+N year").
 * @return string Result of date('Y-m-d', ...) on the shifted timestamp.
 *                NOTE(review): an unparseable $strTime makes strtotime() return
 *                false, which is passed on as the base timestamp unchanged.
 */
function getYearExpried($strTime='',$intTime=1){
	$startStamp  = strtotime($strTime);
	$expiryStamp = strtotime("+$intTime year", $startStamp);

	return date('Y-m-d', $expiryStamp);
}
//----------------------------------------------------------------------------------------------
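/**
 * Look up one level-1 category name, or push every active level-1 category into
 * the template's "catrow" block.
 *
 * @param string $lang 'vn' selects cat_Name_vn, anything else selects cat_Name.
 * @param mixed  $id   When truthy, the catID of the single category to look up.
 * @return mixed With $id: the category name, or null when no row matches.
 *               Without $id: nothing is returned; rows go to the template as
 *               catValue / catCaption pairs.
 */
function getCustCat($lang='vn',$id=0){
	global $db,$template;

	$name_col = $lang=='vn' ? 'cat_Name_vn' : 'cat_Name';
	$sql = "select * from vb_ypcategory where cat_active=1 and cat_Level=1";

	if($id){
		// The catID filter has to be part of the WHERE clause. It used to be appended
		// after ORDER BY, where it no longer restricted the rows. The id is forced to
		// an integer before it enters the SQL text.
		$sql .= " and catID=" . (int) $id;

		if(!$result=$db->sql_query($sql)){
			message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
		}
		$sql_data = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		// No matching row: return null explicitly rather than indexing a non-array.
		return isset($sql_data[$name_col]) ? $sql_data[$name_col] : null;
	}

	$sql .= ' order by ' . $name_col;

	if(!$result=$db->sql_query($sql)){
		message_die("Couldn't run the sql query!!!", "", __LINE__, __FILE__, $sql);
	}

	$cat_count=$db->sql_numrows($result);
	$cat_data=$db->sql_fetchrowset($result);
	$db->sql_freeresult($result);

	for($i=0;$i<$cat_count;$i++){
		$template->assign_block_vars("catrow", array(
			'catValue'		=> $cat_data[$i]["catID"],
			'catCaption'   	=> $cat_data[$i][$name_col]
			));
	}
	unset($cat_data);
}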

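/**
 * Look up one business-type name, or push every row of vb_businesstype into the
 * template's "busType" block.
 *
 * @param string $lang  'vn' selects c_name_vn, anything else selects c_name.
 * @param mixed  $busID When truthy, the id of the single row to look up.
 * @return mixed With $busID: the name, or null when no row matches.
 *               Without $busID: true, after the rows were assigned to the template
 *               as bvalue / bcaption pairs.
 */
function getCusBussType($lang='vn',$busID=0){
	global $template, $db;

	$name_col = $lang=='vn' ? 'c_name_vn' : 'c_name';
	$sql = "select * from vb_businesstype";

	if($busID){
		// The id is forced to an integer before it enters the SQL text.
		$sql .= " where id=" . (int) $busID;

		if(!$result=$db->sql_query($sql)){
			message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
		}
		$sql_data = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		// No matching row: return null explicitly rather than indexing a non-array.
		return isset($sql_data[$name_col]) ? $sql_data[$name_col] : null;
	}

	$sql .= ' order by ' . $name_col;

	if(!$result=$db->sql_query($sql)){
		message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
	}
	$dep_count=$db->sql_numrows($result);
	$dep_data=$db->sql_fetchrowset($result);
	$db->sql_freeresult($result);

	for($i=0;$i<$dep_count;$i++){
		$template->assign_block_vars("busType",array(
			"bvalue"     => $dep_data[$i]["id"],
			"bcaption"  =>  $dep_data[$i][$name_col]
		));
	}
	unset($dep_data);
	return true;
}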
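/**
 * Look up one job-title name, or push every row of vb_jobtitle into the template's
 * "jobType" block.
 *
 * @param string $lang  'vn' selects the Vietnamese name column, anything else the default one.
 * @param mixed  $jobID When truthy, the id of the single row to look up.
 * @return mixed With $jobID: the name, or null when no row matches.
 *               Without $jobID: true, after the rows were assigned to the template
 *               as bvalue / bcaption pairs.
 */
function getCustJobTitle($lang='vn',$jobID=0){
	global $template, $db;

	$name_col = $lang=='vn' ? 'c_name_vn' : 'c_name';
	$sql = "select * from vb_jobtitle";

	if($jobID){
		// WHERE has to come before ORDER BY; the clauses used to be emitted in the
		// opposite order. The id is forced to an integer before it enters the SQL text.
		$sql .= " where id=" . (int) $jobID;

		if(!$result=$db->sql_query($sql)){
			message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
		}
		$sql_data = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		// NOTE(review): this branch reads c_name_vn1 / c_name1 while the list branch
		// reads c_name_vn / c_name - confirm against the table. The suffixed column is
		// still preferred when present; otherwise fall back to the unsuffixed one.
		$suffixed_col = $name_col . '1';
		if (isset($sql_data[$suffixed_col])){
			return $sql_data[$suffixed_col];
		}
		return isset($sql_data[$name_col]) ? $sql_data[$name_col] : null;
	}

	$sql .= ' order by ' . $name_col;

	if(!$result=$db->sql_query($sql)){
		message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
	}
	$dep_count=$db->sql_numrows($result);
	$dep_data=$db->sql_fetchrowset($result);
	$db->sql_freeresult($result);

	for($i=0;$i<$dep_count;$i++){
		$template->assign_block_vars("jobType",array(
			"bvalue"     => $dep_data[$i]["id"],
			"bcaption"  => $dep_data[$i][$name_col]
		));
	}
	unset($dep_data);
	return true;
}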
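/**
 * Expand a category selection string into "catrows" template blocks.
 *
 * $cat is a comma-separated list whose entries are hyphen-joined category ids
 * (for example "1-2,3-4,"). The element after the last comma is never processed,
 * so the list is expected to end with a comma. For each entry the matching names
 * are joined with ">>" and assigned as catCaption, with the entry as catValue.
 *
 * @param string $lang 'vn' selects cat_Name_vn, anything else selects cat_Name.
 * @param string $cat  Selection string as described above.
 * @return bool Always true.
 */
function showCustCategory($lang='vn',$cat=''){
	global $template, $db;

	$name_col = $lang=='vn' ? 'cat_Name_vn' : 'cat_Name';

	$arr1 = explode(",", $cat);
	$c1 = sizeof($arr1) - 1;
	for($i=0;$i<$c1;$i++){
		$entry = trim($arr1[$i]);

		// The entry goes into an IN (...) list and into the template, so accept only
		// digits joined by single hyphens and skip everything else.
		if (empty($entry) || !preg_match('/\A[0-9]+(?:-[0-9]+)*\z/', $entry)){
			continue;
		}

		// str_replace() replaces ereg_replace(), which was removed in PHP 7.
		$where = str_replace("-", ",", $entry);
		$sql = "select cat_Name,cat_Name_vn from vb_ypcategory where catID in (".$where.") order by catID";

		if(!$result=$db->sql_query($sql)){
			message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
		}
		$cat_count=$db->sql_numrows($result);
		$cat_data=$db->sql_fetchrowset($result);
		$db->sql_freeresult($result);

		// Collect the names first, so an entry with no matching rows gets an empty
		// caption instead of reading an undefined variable.
		$names = array();
		for($j=0;$j<$cat_count;$j++){
			$names[] = $cat_data[$j][$name_col];
		}

		$template->assign_block_vars("catrows",array(
			"catValue"     => $entry,
			"catCaption"  => implode(">>", $names)
		));
	}

	return true;
}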
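/**
 * Push the vb_trade rows selected by $cat into the template's "traderow" block.
 *
 * $cat is a comma-separated id list. The element after the last comma is never
 * processed, so the list is expected to end with a comma.
 *
 * @param string $cat Comma-separated ids, e.g. "4,9,".
 * @return mixed null when $cat is empty or holds no usable id; true after the rows
 *               were assigned to the template as catValue / catCaption pairs.
 */
function showCustTrade($cat=''){
	global $template, $db;

	if(empty($cat)){
		return;
	}

	$arr1 = explode(",", $cat);
	$c1 = sizeof($arr1) - 1;

	// Only plain digit strings may reach the IN (...) list; anything else is dropped.
	$ids = array();
	for($i=0;$i<$c1;$i++){
		$piece = trim($arr1[$i]);
		if(!empty($piece) && preg_match('/\A[0-9]+\z/', $piece)){
			$ids[] = $piece;
		}
	}

	// An empty IN () is not valid SQL, so there is nothing to query.
	if(!$ids){
		return;
	}
	$where = implode(',', $ids);

	$sql = "select vt.*  from vb_trade vt inner join vb_tradeno vtn on  vt.trade_id=vtn.trade_id"
		. " where id in (".$where.") order by trade_no";

	if(!$result=$db->sql_query($sql)){
		message_die("Couldn't run the sql query!!!","",__LINE__,__FILE__,$sql);
	}
	$cat_count=$db->sql_numrows($result);
	$cat_data=$db->sql_fetchrowset($result);
	$db->sql_freeresult($result);

	for($j=0;$j<$cat_count;$j++){
		$template->assign_block_vars("traderow",array(
			"catValue"     => $cat_data[$j]['id'],
			"catCaption"  =>  $cat_data[$j]['c_name'],
		));
	}

	return true;
}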
?>